Excellent article about Parrot, by Allison Randal.
Parrot’s record for a language implementation was a conference session where the speaker implemented the basics of the LOLCODE language from scratch as a live demonstration. It was a 5-minute lighting talk.
I have to get the time to implement a DSL for something on top of Parrot, to see how it works. Right now I only compile Parrot to run Rakudo.
Yesterday I saw a question by fREW Schmidt regarding where to place the validation code in your apps. I made a mental note to answer it, but as most of my mental notes, it was quickly forgotten.
Today, a new article describes the answer he got. In the end he decided to put the validation inside the model. I can only say: good for you.
But one of the reasons against the validation-inside-the-model that he received baffled me: Models don’t know about the current user (or other higher level information).
If your models don't know who is the person authenticated (and please read Yuval article about modelling identity to understand how complex it can become), then you are doing it wrong.
Models must know who is the authenticated user. They must know it because that is the only sane way to implement authorization inside your methods, and to generate a audit log of operations.
What I usually do is to create a Session class. For each request (be it Catalyst request, incoming email message, or XMPP request), I create a new Session instance initialized with the current user information plus some tidbits like channel (Web, email, XMPP) and IP address (if available).
Then all accesses to my API are either via the session object (create methods to access most important parts of your API), or by passing this session object to the API you are calling.
You should also use your Session as the access point to your logging and auditing capabilities.
The article mentions other issues like error messages. I haven't add the necessity of developing an application with multiple language support yet, but I think that the current throw-exception-objects strategy, with all the information (including the authorized user to figure our preferred language) will be able to deal with the problems that I can think of now.
In the end, I'm actually really curious about why would people think that putting your validation code in the controllers is a good idea.
Update: a lot of stuff in the comments if you care about this topic.
I like to tinker with hardware, specially old servers.
I spent an hour upgrading our office server this morning. In a world of Ghz speeds, be prepared to slow down a little.
The server was a dual-pIII (yes, Pentium III, Katmai generation) at 450Mhz (yes, mega) with 512Mb RAM (at 100Mhz, in 4 DIMMs). The upgrade replaced the CPUs with a pair of pIII 500Mhz (a 11% increase, not bad), and the memory to 1Gb at 100Mhz. Basically thats the best you can hope for with this Intel N440BX (aka Intel Nightshade) board.
I don't have the full specs for either of them but I would guess that the CPU inside the new iPhone 3GS is a little faster than the pair of pIII I'm using.
The obligatory Flickr set for enthusiasts of old hardware porn.
I also uploaded a small video showing the hardware boot up, but had to use Vimeo because Flickr limits video uploads to 90 seconds, and this server takes a bit more than that just counting the RAM...
I bought this server in 1999, to power the NFS server for the first launch of the mail.pt service. It was handed down through the times, from company to company, until it belonged to me after the demise of Prodigio. At the time it used two Mylex SCSI RAID controllers (I still have them, one of them in production) with 4 x 9Gb SCSI hard drives on each.
I have a quote for a €390 upgrade to a Core 2 Quad 2.8 Ghz with 8Gb RAM. I plan to do this sometime next month. But this old office server will not die. It will power a smoke server to test Perl modules with several releases of FreeBSD.
Another puzzle by the Bram Cohen (the same who created BitTorrent) and Oskar van Deventer: the Geary cube.
Some of their previous puzzles are very interesting like the JumblePrism or my two favorites, the RotaCubes and the Bramboules.
Oscar van Deventer creates stranger things: the WimTvane or the Topsy Turvy are just two examples
He also has a beautiful adding machine for kids.
I like puzzles. Puzzles good.
I mentioned last week that I had started using PGP Whole Disk Encryption on my laptop (a first generation MacBook Pro 17" btw, it has a 32bit 2.16Ghz Core Duo with 2Gb RAM).
I encrypted the external FW800 500Gb hard disk that I use exclusively for Time Machine last night. It took about 8 hours. So far so good.
When I connect it to my mac, a PGP WDE dialog pop-up shows up, asking me for the correct pass-phrase. After I enter it, it shows up as a Time Machine external disk, and the backup starts.
Be aware that, in case of hard disk disasters, encrypting your TM disk can be more awkward than encrypting your internal hard drive.
With a normal non-encripted TM drive, you can boot your Mac from a Leopard DVD, and ask the Installer to restore a TM backup directly.
If you encrypt you TM disk, thats no longer an option. You have to install a bare bones system, install PGP WDE, and then restore the TM backup.
A possible solution (untested for now) is to have a clone of your internal hard drive (even an encrypted clone should work) that you update from time to time. Then you should be able to boot from the clone and restore a TM backup to the internal disk.
As I said, I haven't tried this yet. It should work, I don't see any reason not to.
I do have a clone of my internal hard drive, thats the next one to encrypt. I'll check to see if he is still bootable afterwards, and I'll try to find an extra disk somewhere to restore a TM backup.
I'm really happy with PGP WDE, works great, no surprises so far.
Google kettle let go a cloud of vapor and named it Wave. Of course we cannot know how it works and how similar it is to Drop.io.
Until we do know more about it, we can look through the Wave protocol draft spec, and notice that its built on top of XMPP.
At the same event, the new XMPP-powered mini applications where also announced. Each one is a XML file with all the HTML, CSS, and JS files packed together. Time to see how long it will take a XMPP desktop client with access to a WebKit view to implement this extension. It reminds me all the discussions about embedded applications we had in the API mailing list last year.
The Github gang developed a Mercurial plugin, hg-git, that allows Mercurial users to push/pull from Git servers.
It seems very good (I'm not a Hg user, so I don't really know). Lossless bi-directional synchronization.
Nice.
An article about immutable data structures (which is an excellent read in itself) has two interesting paragraphs about Git:
Casual observers initially criticised git for having a model so simple it was actually naive. It turns out they were confusing the model with its on disk representation. Git makes this distinction very well, and the result is that it implements powerful features (for instance idempotent patch application) which are apparently too complicated in other systems. Git itself isn't simple at all, the problem of version control is a complicated one so any system dealing with it is inherently complex. Git's advantage is that it's built on a very simple and future proof core, allowing the complex parts to evolve more easily.
A very nice way to put it, Yuval.
I've linked this excerpt differently. The linked Git documentation file is well worth a read, if you care about why git turned out as it did. Not that much interesting for day-to-day usage though.
The first release candidate of the 0.13 version of Psi was released just now, and it includes voice calls using Jingle RTP.
I'll keep it running in case you need a guinea pig for tests.
Very good news.
The local::lib module is an essential piece of my workflow nowadays. It allows me to easily keep each project Perl modules separate, and therefore minimize breakage.
Bootstrapping local::lib was reasonably simple but it got a lot simpler with the latest 1.004001 version. Basically you can just pipe the output of a URL into perl to bootstrap it.
The URL is some long beast in the cpansearch.perl.org site, impossible for me to memorize, so I created a shorter version, http:://bit.ly/local-lib. To bootstrap local::lib you now can:
wget -O- http://bit.ly/local-lib | TARGET=target_dir perl
or if you are a curl user:
curl -L http://bit.ly/local-lib | TARGET=target_dir perl
I wish I didn't have to specify the TARGET environment. It should assume, like the previous bootstrap process, ~/perl5. I'll whip up a patch tomorrow.
There is no permalink to the latest version of the bootstrap script, so until I can find a way to alter the destination URL, we are stuck with the current version of it. I do hope a more definitive URL shows up, like the suggested http://install.local-lib.pl/.
The process worked fine for me in a couple of servers around here, but it is not a complete bootstrap. This process installs the local::lib module but doesn't adjust your shell configuration to make the settings stick.
So after you need to run this:
TARGET=perl6 echo "eval \$(perl -I$TARGET/lib/perl5 \
-Mlocal::lib)" >>~/.bashrc
(see the local::lib bootstraping section for csh instructions)
Its an excellent service, and it can only get better.
One down, a lot more to go. Or so I hope...
I love TED presentations, and I was curious about one of the latest ones: 10 things you didn't know about orgasm by Mary Roach.
The presentation is very good, but starting around 10m25s there is a sequence about pig farming in the Netherlands that make me laugh out loud.
Weird stuff.
Update: well, chickens are even worse (PDF)...
For the past week or so, I've kept myself without network access for the larger part of each day.
I check my email and RSS feeds early in the morning and late at night, just before bed, and keep my IM and IRC clients closed.
I needed to take a break, really. I found myself in the worst productivity slump ever, and something had to change.
I have lot of work piled up that I really want to get done:
AnyEvent::Mojo-based implementation;Thats the top 4, and I'm not even including $work stuff. On that side of things, I'm considering switching parts of DBIx::Class-based that I have (and don't particularly like, and in need of some feature-upgrades) to KiokuDB. That's probably the top item.
So far, working offline is paying off. I'm clearly more productive and I'm slowly getting myself out of the hole. I wonder how long I'll keep myself sane this way...
One recurrent worry that I had was about my laptop security. At least once a week I get an email from a local portuguese Mac-zine about stolen Macbooks. When I got them, my first thought was always: if that happened to me, my $bussiness is screwed...
So a couple months ago I started looking around for options to secure my two macs (desktop and laptop) and their Time Machine backup drives against physical theft.
I bought a copy of PGP Whole Disk Encryption and I'm using it on my laptop. On day-to-day usage, you just don't notice the overhead. I suppose that if I had to do I/O intensive stuff I might, but so far it doesn't register at all.
The setup process is slow but painless. It took about 3 hours to encrypt my hard drive, and the laptop remains usable during the whole process. You can even stop and restart if you need to.
You can have several users each one with a different pass-phrase that can unlock the hard drive at boot time. I created two users, one for me, and another for disaster recovery. I generated a long random pass-phrase for the second user, printed two copies, and stored each copy on two different safe deposit boxes that I and my business parter have access to. This way, if I get hit by a bus, my partner can access the content of the drive.
My next step will be to encrypt the entire Time Machine external disk drive that I use. After that, I'll update the desktop machine and its Time Machine backup disk.
This should solve the physical theft problem. There are some precautions that you need to take though. For example, to be protected you must shutdown your laptop. When the laptop enters sleep mode, the hard drive remains "open". It would be nice to "lock" the hard drive when entering sleep mode, but I guess that it would require more support from Apple to do that. This is a problem for the laptop. I usually shutdown my desktop everyday when I leave the office. I do hope to see a lock-on-sleep feature in a future release.
But so far I'm very happy with this solution. Recommended.
Of course, I still have to worry about non-physical theft. People could still hack into my servers, or even hack into my desktop/laptop while they are running. But its a step.
The servers run with minimal services, and with a firewall active. I still haven't made the jump to a full SELinux enabled system, though. I do have a minimal port-knocking system for ssh connections, but its still experimental and only covers two of the ten servers I manage.
Also, some less secure services still share hosts with other higher security services. This is legacy from a time when I had less servers, and splitting them was not an option. My experiments with OpenVZ should provide an even better solution for this problem.
Small company, so small steps.
